[Infographic] Authenticating Electronic Signatures in an Online World
Businesses are increasingly moving customer transactions to a completely electronic environment for the delivery, review and signing of contracts and documents of all types. Oftentimes, that means everything is handled remotely. The benefits of offering customers, vendors and partners with a way to sign business contracts and other paperwork are great but there are always concerns about authentication when the entire process happens online, without any face time.
User authentication is critical to electronic signatures. It legally associates an e-signature to the person signing, thereby reducing the risk of repudiation. It also helps to ensure enforceability of the e-signed record and has a big impact on the customer experience. Executed well, user authentication builds trust and loyalty. Done poorly, it can lead to frustration and abandonment of the electronic process.
There are many secure and user friendly options for authenticating signers online. Ultimately the choice of authentication depends on the process being automated. An internal process probably requires a different authentication than a legally enforceable transaction with a vendor or customer. The channel, type of documents and value of the transaction also have an impact on the type of authentication used for e-signatures. In the end, it comes down to the level of risk. When choosing the best authentication option the key is to know your process well enough to recognize where the authentication safeguards are already built in and where additional authentication methods for e-signature transactions should be added into the workflow.
Our whitepaper User Authentication For E-Signature Transactions: How to Select the Right Authentication Methods to Prove Who Signed provides these general guidelines for choosing e-signature authentication:
- In the case of internal processes taking place between employees, the best practice is to use a username and password. Or where available, Single Sign On (SSO) is also a good choice.
- For non-disclosure agreements, basic contracts, expense approvals and other day-to-day signing processes between an organization and its business partners, members and/or customers, we recommend email authentication.
- When sensitive documents are involved, consider two authentication methods used together to mitigate risk around someone claiming "That’s not my signature!" For instance, for financial transactions or insurance applications, set up to two or three challenge questions to authenticate the signer. This method can also be combined with dynamic knowledge-based authentication (KBA) for stronger authentication. SMS authentication via the signer’s phone is another option for when combining ways to authenticate an e-signature.
Our user authentication whitepaper provides much more in-depth guidance on how to select and implement authentication techniques related to e-signature transactions. Security is understandably a top concern with online transactions, so you may also want to review SOC 2 Vs. The Other Guys: Comparing Apples To Oranges. With multiple frameworks and certifications in the market, there is a lot of confusion about what can attest to the security of a system.